mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Tighten firefox (#275)

Browse source 
* Update firefox

* Remove `sys_ptrace` line
This commit is contained in:
nobody43 2024-01-19 15:42:13 +00:00 committed by GitHub
parent 7581eacdc6
commit 6556856fed
Failed to generate hash of commit
1 changed files with 14 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
apparmor.d/groups/browsers/firefox
View file

@ -148,6 +148,8 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw, owner @{user_share_dirs}/applications/userapp-Firefox-@{rand6}.desktop{,.@{rand6}} rw,
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw, owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml rw,
owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw, owner @{user_share_dirs}/mime/packages/user-extension-{htm,html,xht,xhtml,shtml}.xml.* rw,
owner @{user_share_dirs}/sounds/__custom/index.theme r,
owner @{user_share_dirs}/sounds/__custom/*.ogg r,
owner @{config_dirs}/ rw, owner @{config_dirs}/ rw,
owner @{config_dirs}/{extensions,systemextensionsdev}/ rw, owner @{config_dirs}/{extensions,systemextensionsdev}/ rw,
@ -172,15 +174,22 @@ profile firefox @{exec_path} flags=(attach_disconnected) {
owner /tmp/user/@{uid}/@{name}/* rwk, owner /tmp/user/@{uid}/@{name}/* rwk,
owner /tmp/@{name}/ rw, owner /tmp/@{name}/ rw,
owner /tmp/@{name}/* rwk, owner /tmp/@{name}/* rwk,
owner /tmp/* rw,
owner /tmp/firefox_*/ rw, owner /tmp/firefox_*/ rw,
owner /tmp/firefox_*/* rwk, owner /tmp/firefox_*/* rwk,
owner /tmp/mozilla_*/ rw, owner /tmp/mozilla_*/ rw,
owner /tmp/mozilla_*/* rw, owner /tmp/mozilla_*/* rw,
owner /tmp/MozillaBackgroundTask-*-removeDirectory/ rw, owner /tmp/MozillaBackgroundTask-???????????????-removeDirectory/{**,} rw,
owner /tmp/MozillaBackgroundTask-*-removeDirectory/** rwk, owner /tmp/MozillaBackgroundTask-???????????????-removeDirectory/.parentlock k,
owner /tmp/Mozillato-be-removed-cachePurge-* k, owner /tmp/Mozillato-be-removed-cachePurge-??????????????? rwk,
owner /tmp/Temp-@{uuid}/ rw, owner /tmp/Mozilla@{uuid}-cachePurge-??????????????? rwk,
owner /tmp/Mozilla\{@{uuid}\}-cachePurge-??????????????? rwk,
owner /tmp/Temp-@{uuid}/{**,} rw,
owner /tmp/mozilla-temp-@{int} rw,
owner /tmp/@{rand8}.txt w,
owner /tmp/tmp-???.xpi rw,
owner /tmp/.xfsm-ICE-@{rand6} rw,
owner /tmp/tmpaddon r,
owner /tmp/* w, # file downloads (to anywhere)
@{run}/mount/utab r, @{run}/mount/utab r,